Inside of my friend's website, when a user logs in, they send their username / password to him over HTTPS. Besides having a SSL, there isn't a special obfuscation of the password (it's living in memory in the browser).
Is there anything else he should do to tighten security? Should he keep it hashed? What about in RAM?
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!